Skip to content

Commit

Permalink
8196415: Disable SHA-1 Signed JARs
Browse files Browse the repository at this point in the history
Reviewed-by: coffeys
  • Loading branch information
seanjmullan committed Apr 28, 2021
1 parent 21f65f8 commit 2780577
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions src/java.base/share/conf/security/java.security
Expand Up @@ -634,7 +634,8 @@ sun.security.krb5.maxReferrals=5
#
#
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
SHA1 jdkCA & usage SignedJAR & denyAfter 2019-01-01

#
# Legacy algorithms for certification path (CertPath) processing and
Expand Down Expand Up @@ -698,7 +699,7 @@ jdk.security.legacyAlgorithms=SHA1, \
# See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
#
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
DSA keySize < 1024
DSA keySize < 1024, SHA1 jdkCA & denyAfter 2019-01-01

#
# Algorithm restrictions for Secure Socket Layer/Transport Layer Security
Expand Down

1 comment on commit 2780577

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.